PATRIOT Act Section 816
Within the PATRIOT Act, Section 816 does not deal specifically with terrorism, but assists law enforcement and computer operators by formally defining the threshold of criminal damage to computer systems. Nonmonetary damages, such as threats to safety, are also included. It defines "damage… as:
- loss to one or more persons during any 1-year period aggregating at least $5,000 in value;
- modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals;
- physical injury to any person;
- a threat to public health or safety;
- damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national security.
Item 5 is new in legislation, and item 1 was added to clarify that the $5,000 threshold is the total of damages to all persons affected. This section establishes a safe harbor for manufacturers, protecting them against civil suits for "negligent design or manufacture of hardware, software, or firmware." In other words, it is unlikely one can collect from the manufacturer for security vulnerabilities.
"Damage", as described here, does not include spamming or copyright violations. It is not clear if #3 can be interpreted to cover threats against individuals.
These criteria probably are not useful to stop spammers that are already users; operators will have to deal with them either through a Terms of Service policy or specific spam legislation, such as the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM). Some states, such as Virginia, have even stronger anti-spam laws.